ICO update on action taken over nuisance calls

The Information Commissioner's Office (ICO) has reported that last year it received 166,665 complaints concerning unsolicited cold calls. The regulator fined ten companies a total of nearly £1m in 2015 and expects to issue a further £1m in fines before the end of the financial year. It reports on its work with other regulators such as Ofcom and with local government trading standards teams to pursue culprits. The ICO is taking a firm stance against nuisance calls and has its eye set on this and other areas such as privacy notices and third-party marketing.

The ICO has also highlighted work undertaken to pursue companies based abroad. If it can trace spam or unwanted calls to countries in the European Economic Area, it will pass on evidence to the regulator based in that country. With the amount and frequency of fines gradually increasing, the ICO is cracking down on offenders and is taking its role as a regulator very seriously in enforcing fines.

The ICO has published detailed guidance for companies carrying out marketing – explaining their legal requirements under the Data Protection Act (DPA) and the Privacy and Electronic Communications Regulations (PECR). The guidance covers the circumstances in which organisations are able to carry out marketing over the phone, by text, by email, by post or by fax. Companies are advised to revise this guidance.

To see the full statement click here 

ICO issues guidance on Wi-Fi analytics

The Information Commissioner's Office (ICO) has issued new guidance setting out how operators of Wi-Fi networks can use location and analytics information in order to comply with the Data Protection Act 1998. It aims to help data controllers to promote good practice and fully understand their obligations.

Recommended practices include:

  • conducting a privacy impact assessment
  • defining purposes – organisations need to be clear why they are collecting personal data and what they intend to do with it
  • being clear and transparent – individuals should be notified
  • removing identifiable elements – remove unnecessary privacy risks

Wi-Fi networks are seen as a gray area, as many people do not fully understand what kind of data they are transmitting via Wi-Fi, what can be seen, who can access it and the security in place. Often people access Wi-Fi networks on the go, not realising that other people can potentially hack into their laptop, tablet or phone. Further to this, with the onslaught of Location-Based Services, people are forever "checking in" to restaurants, bars etc., making tracking almost a part of day-to-day life. Personal data obtained over Wi-Fi needs to be protected. This guidance is a much-needed addition to the ICO's catalogue and provides clear guidelines on how to protect individuals accessing a Wi-Fi network.

The guidance can be viewed here


EDPS gives opinion on EU-US Umbrella Agreement

Giovanni Buttarelli, the European Data Protection Supervisor (EDPS), has published his Preliminary Opinion (1/2016) on the text of the EU-US 'Umbrella Agreement', set up to allow the transfer of personal data from the EU to the US government for law enforcement. This agreement is separate from, but needs to be considered in conjunction with, the 'Privacy Shield' agreement on the transfer of personal information in a commercial context.

Mr Buttarelli expresses his support for the agreement, but has concerns including the effectiveness of judicial redress, the prevention of bulk transfers of personal data and ensuring any safeguards apply to everyone protected under the Charter of Fundamental Rights, not just EU citizens.

The full text of EDPS Opinion 1/2016 can be found here


Facebook and Twitter support over phone encryption fight with FBI

The Guardian reports that Facebook and Twitter have lent their support in the legal battle with the FBI, which is attempting to gain access to the encrypted phone information of one of the San Bernardino mass shooting killers. The FBI has said that it is not able to break into the phone of Syed Farook due to the security measures on the device, and a federal magistrate has ordered the creation of a software update to help it gain access to the phone. Technology companies have concerns over the precedent this may set.

This comes in the wake of a series of attempts by the FBI and US Justice Department to force tech companies to turn over (in real time) text messages from their users. These requests have been rebuffed time and time again. There is heightened corporate resistance by American technology companies who are intent on demonstrating that they are trying to protect customer information. US Justice Department and FBI officials have been frustrated that the White House has not moved more quickly or been more outspoken in the public relations fight that the tech companies appear to be winning. Support has been given by a number of Republican presidential candidates for an increase in government surveillance. CIA Director John Brennan and several other officials are piling on the pressure and propose a backdoor algorithm which permits encrypted information to be decoded by the government. This has been met with fierce opposition from the tech companies, who view it as having dire consequences such as exploitation by hackers and increased terrorism.

In the wake of the Paris attacks, the debate around decoding encryption for national security versus the right to a private life has gained momentum. Whilst terrorism needs to be counteracted, a balance needs to be struck. By decoding this type of encryption, you are potentially unlocking millions of people's data. A mobile phone is no longer just a phone: you can use it to bank, to communicate, to shop, keep track of your fitness, use location-based services, access dating apps, access social media and much more. It is a hub of personal data and, although this might assist in an investigation, it can also be used to assist terrorism if it gets into the wrong hands.

Facebook said in a statement:

"We condemn terrorism and have total solidarity with victims of terror. Those who seek to praise, promote, or plan terrorist acts have no place on our services.

"However, we will continue to fight aggressively against requirements for companies to weaken the security of their systems. These demands would create a chilling precedent and obstruct companies' efforts to secure their products."

The full Guardian article can be found here